When the web was first constructed, it became clear the servers that sent web pages, images and other digital assets to browsers would need some kind of standardized system of error notification. Since there were several errors that always reported the same basic fault, it was decided this would be a good way to diagnose network problems without specialized tools or elaborate communications protocols. The HyperText Transfer Protocol (the HTTP in your browser address bar) is, after all, a rather simple system designed to do very basic things and not much else.
If a web server encounters a situation where it can’t perform its normal functions, it is programmed to do two things. First, the server logs an error condition in the standard web server logs. Second, it returns the error’s standardized code to the browser to indicate something has gone wrong. Under normal conditions, a server will return code “200,” which means whatever the browser requested was successfully delivered from the server across the network.
However, if something goes wrong, then the server sends a code other than 200. One of those codes is 401 error, which indicates a failure to access a secured resource on the web server.
One of the key features of the early web was a “quick and dirty” method of securing certain files and directories on the web server with a simple password. A web server can be configured to consider a directory or a file “restricted,” and requiring a username and/or password to access. If a restricted URL is requested by a browser, the server is set to examine the credentials sent with the request. If the proper credentials are supplied, the server sends the requested files normally. If no credentials are sent, then the server returns a “401 Unauthorized” error, indicating the restricted files are not accessible without proper credentials.
401 Error: Unauthorized Repair
In most cases, 401 errors are the result of a mistyped URL. Because servers can be configured to set some files as restricted, they can also set up blacklists restricting entire sites and only making certain files accessible without credentials. In this situation, it is easy for the server to produce “401 Unauthorized” errors even if the requested URL doesn’t exist.
Another common problem is a cookie set by the server with an out-of-date password. In such situations, the client is never asked for the updated password, because the cookie is provided as authentication first. If the cookie’s password is out of date, then the site will continually return “401 Unauthorized” errors even if the URL is properly entered. Clearing cookies should also be followed by clearing the cache, as old files can sometimes cause the same error.
A less common but quite possible cause of a 401 error is an expired login. To the client, it may appear the user is logged in while on the server permission to access the site has timed out. To repair this situation, the user should log out and then log back in to the site. This can reset the timeouts and reauthorize the browser to access the necessary URLs.
For other Troubleshooting Information, see our: